Do you change DNS?

Soldato, joined 14 Jul 2005, 8,961 posts, Birmingham
Been watching networking videos. Come across a lot where they are setting up routers etc. and using either Cloudflare (1.1.1.1) or Google (8.8.8.8) DNS servers. There's also another one using 9.9.9.9, I forget the name.

I've had Virgin for years and always just left it on their default settings, which I think is their own DNS service.

No-brainer to change it, or does it make next to no difference?
 
I use root servers via Unbound via Pi-hole. I have the choice to use DoH from my router but that puts you back in the hands of the big DNS providers etc. From what I can tell they ain't all that fast either...

Code:
kdig @1.1.1.1 +tls-ca +tls-host=cloudflare-dns.com example.com
;; TLS session (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 50395
;; Flags: qr rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 1232 B; ext-rcode: NOERROR
;; PADDING: 408 B

;; QUESTION SECTION:
;; example.com.                 IN      A

;; ANSWER SECTION:
example.com.            77536   IN      A       93.184.216.34

;; Received 468 B
;; Time 2024-01-11 16:28:54 GMT
;; From 1.1.1.1@853(TCP) in 72.5 ms

kdig @1.1.1.1 +https example.com
;; TLS session (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
;; HTTP session (HTTP/2-POST)-(1.1.1.1/dns-query)-(status: 200)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 0
;; Flags: qr rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 1232 B; ext-rcode: NOERROR
;; PADDING: 408 B

;; QUESTION SECTION:
;; example.com.                 IN      A

;; ANSWER SECTION:
example.com.            84148   IN      A       93.184.216.34

;; Received 468 B
;; Time 2024-01-11 16:30:37 GMT
;; From 1.1.1.1@443(TCP) in 85.5 ms


kdig @8.8.8.8 +tls-ca +tls-host=dns.google.com example.com
;; TLS session (TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 27394
;; Flags: qr rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 512 B; ext-rcode: NOERROR
;; PADDING: 408 B

;; QUESTION SECTION:
;; example.com.                 IN      A

;; ANSWER SECTION:
example.com.            8992    IN      A       93.184.216.34

;; Received 468 B
;; Time 2024-01-11 15:51:56 GMT
;; From 8.8.8.8@853(TCP) in 49.4 ms


kdig @8.8.8.8 +https example.com
;; TLS session (TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
;; HTTP session (HTTP/2-POST)-(8.8.8.8/dns-query)-(status: 200)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 0
;; Flags: qr rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 512 B; ext-rcode: NOERROR
;; PADDING: 408 B

;; QUESTION SECTION:
;; example.com.                 IN      A

;; ANSWER SECTION:
example.com.            8371    IN      A       93.184.216.34

;; Received 468 B
;; Time 2024-01-11 16:02:18 GMT
;; From 8.8.8.8@443(TCP) in 44.8 ms


kdig @209.250.226.191 +tls-ca +tls-host=dns.nextdns.io example.com
;; TLS session (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-128-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 29621
;; Flags: qr rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 1232 B; ext-rcode: NOERROR

;; QUESTION SECTION:
;; example.com.                 IN      A

;; ANSWER SECTION:
example.com.            79205   IN      A       93.184.216.34

;; Received 56 B
;; Time 2024-01-11 15:54:00 GMT
;; From 209.250.226.191@853(TCP) in 66.7 ms



 kdig @209.250.226.191 +https example.com
;; TLS session (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-128-GCM)
;; HTTP session (HTTP/2-POST)-(209.250.226.191/dns-query)-(status: 200)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 0
;; Flags: qr rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 1232 B; ext-rcode: NOERROR

;; QUESTION SECTION:
;; example.com.                 IN      A

;; ANSWER SECTION:
example.com.            78794   IN      A       93.184.216.34

;; Received 56 B
;; Time 2024-01-11 16:00:51 GMT
;; From 209.250.226.191@443(TCP) in 74.9 ms
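Added example, not code from the thread or any poster: a small Python parser for kdig transcripts like the one above. It splits the output into one session per echoed `kdig` command, pulls out the resolver, port, TLS version and cipher, the EDNS padding, the response size and the reported round-trip time, and then answers the two questions the transcript raises: which resolver/transport was fastest, and which one sent its answer unpadded. The transport label ("DoT" on port 853, "DoH" when kdig prints an HTTP session line) is my inference from the output, and the embedded sample is an abridged copy of three of the six sessions posted; it assumes Python 3.9 or newer.

```python
import re
from dataclasses import dataclass

# Abridged kdig transcript copied from the thread above: Cloudflare over DoT,
# Cloudflare over DoH and NextDNS over DoT. Lines the parser does not read
# (QUESTION SECTION, Flags, Time) have been dropped to keep the sample short.
KDIG_OUTPUT = """\
kdig @1.1.1.1 +tls-ca +tls-host=cloudflare-dns.com example.com
;; TLS session (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 50395
;; PADDING: 408 B
;; ANSWER SECTION:
example.com.            77536   IN      A       93.184.216.34
;; Received 468 B
;; From 1.1.1.1@853(TCP) in 72.5 ms

kdig @1.1.1.1 +https example.com
;; TLS session (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
;; HTTP session (HTTP/2-POST)-(1.1.1.1/dns-query)-(status: 200)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 0
;; PADDING: 408 B
;; ANSWER SECTION:
example.com.            84148   IN      A       93.184.216.34
;; Received 468 B
;; From 1.1.1.1@443(TCP) in 85.5 ms

kdig @209.250.226.191 +tls-ca +tls-host=dns.nextdns.io example.com
;; TLS session (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-128-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 29621
;; ANSWER SECTION:
example.com.            79205   IN      A       93.184.216.34
;; Received 56 B
;; From 209.250.226.191@853(TCP) in 66.7 ms
"""


@dataclass
class Session:
    command: str
    server: str = ""
    port: int = 0
    transport: str = ""      # inferred: "DoH" if an HTTP session line appears, "DoT" on 853, else "Do53"
    tls_version: str = ""
    cipher: str = ""         # key exchange / signature / AEAD as kdig prints them
    status: str = ""         # RCODE from the ->>HEADER<<- line
    padding_bytes: int = 0   # EDNS(0) padding option; 0 when the resolver sent none
    received_bytes: int = 0
    latency_ms: float = 0.0
    has_http: bool = False


TLS_RE = re.compile(r"^;; TLS session \((TLS[\d.]+)\)-(.+)$")
HEADER_RE = re.compile(r"^;; ->>HEADER<<- .*status: (\w+);")
PADDING_RE = re.compile(r"^;; PADDING: (\d+) B$")
RECEIVED_RE = re.compile(r"^;; Received (\d+) B$")
FROM_RE = re.compile(r"^;; From (\S+)@(\d+)\((?:TCP|UDP)\) in ([\d.]+) ms$")


def parse_kdig(text: str) -> list[Session]:
    """Split a kdig transcript into sessions, one per echoed 'kdig ...' line."""
    sessions: list[Session] = []
    cur = None
    for raw in text.splitlines():
        line = raw.strip()  # tolerates the stray leading space seen in pasted output
        if line.startswith("kdig "):
            cur = Session(command=line)
            sessions.append(cur)
            continue
        if cur is None or not line:
            continue
        if (m := TLS_RE.match(line)):
            cur.tls_version, cur.cipher = m.group(1), m.group(2)
        elif line.startswith(";; HTTP session"):
            cur.has_http = True
        elif (m := HEADER_RE.match(line)):
            cur.status = m.group(1)
        elif (m := PADDING_RE.match(line)):
            cur.padding_bytes = int(m.group(1))
        elif (m := RECEIVED_RE.match(line)):
            cur.received_bytes = int(m.group(1))
        elif (m := FROM_RE.match(line)):
            cur.server, cur.port = m.group(1), int(m.group(2))
            cur.latency_ms = float(m.group(3))
    for s in sessions:
        s.transport = "DoH" if s.has_http else ("DoT" if s.port == 853 else "Do53")
    return sessions


def fastest(sessions: list[Session]) -> Session:
    """Session with the lowest reported round-trip time (a single sample, not a benchmark)."""
    return min(sessions, key=lambda s: s.latency_ms)


def unpadded(sessions: list[Session]) -> list[Session]:
    """Sessions whose answer carried no EDNS padding: the TLS record size then
    tracks the real answer size, which is what padding exists to hide."""
    return [s for s in sessions if s.padding_bytes == 0]


def report(sessions: list[Session]) -> list[str]:
    """One fixed-width row per session plus a header row."""
    rows = [f"{'server':<18}{'xport':<6}{'port':<6}{'tls':<8}{'pad':>5}{'size':>6}{'ms':>8}"]
    for s in sessions:
        rows.append(f"{s.server:<18}{s.transport:<6}{s.port:<6}{s.tls_version:<8}"
                    f"{s.padding_bytes:>5}{s.received_bytes:>6}{s.latency_ms:>8.1f}")
    return rows


if __name__ == "__main__":
    parsed = parse_kdig(KDIG_OUTPUT)
    print("\n".join(report(parsed)))
    print("fastest:", fastest(parsed).command)
    print("unpadded:", [s.server for s in unpadded(parsed)])
```

Run against the full transcript above it shows the pattern the raw output only hints at: Cloudflare and Google pad every answer to 468 B (408 B of padding on a tiny A record), while NextDNS returns the bare 56 B. With padding, an observer on the wire sees the same-sized encrypted answer whether you looked up example.com or something with a long CNAME chain; without it, response sizes become a fingerprint even though the content is encrypted. The latency column is one sample per resolver, so treat the ordering as indicative only.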
 
I'm using Cloudflare malware blocking (1.1.1.2 and 1.0.0.2), no idea if it actually does the job.

Quad9 have much better malware blocking than Cloudflare. OP, as you say, it's a no-brainer to use independent DNS. Virgin log all DNS queries for years at a time and provide them (i.e. a list of all sites you've visited) to any nosey 'authorised person' who asks, without even the need for a warrant... That includes anyone on your council, DWP, Food Standards Agency(!), ambulance and fire service, and a whole host of other folks you wouldn't expect. VM also use DNS to help censor your Internet.

Personally I have run my own DNS servers for years. I have AdGuard Home on one VPS, and Unbound + Redis (cache) on another; both serving encrypted DNS over DoH (with the AGH instance also providing DoQ and DoT).
 
Yeh, set this up too, was very pretty. I had a feeling my config wasn't right in Redis/Unbound so got rid of it; will come back to it at some point. Was a nice half-day project over the Xmas period lol

I now have 2x AGH pointing to their own Unbound servers in recursive mode, then both AGH have each Unbound as upstreams in parallel mode; that way I have 2 cached-up Unbounds.
 
So in answer to the OP, I hadn't, but I have now, to Quad9. Reading this, the linked forum post above and watching the YT video, it seems like I have been missing out on free security and speed (ish, maybe).
 